NDIS compliance checklist: Is your business audit-ready?

As a registered NDIS provider, ensuring your business is audit-ready is not just a matter of regulatory compliance – it is essential for maintaining your registration, securing funding, and ultimately delivering high-quality services to participants. The National Disability Insurance Agency (NDIA) conducts regular audits to ensure providers meet the NDIS Practice Standards and other regulatory requirements. This article will guide you through the key elements of NDIS compliance and provide a checklist to help you prepare for potential audits.

Understanding NDIS Compliance Requirements

NDIS providers must adhere to a number regulations and standards, including:

• NDIS Code of Conduct;
• NDIS Rules;
• Operational Guidelines;
• NDIS Practice Standards and Quality Indicators; and
• NDIS Pricing Arrangements and Price Limits.

These requirements cover various aspects of service delivery, from participant rights and risk management to workforce management and governance. Compliance is not a one-time effort but an ongoing process that requires continuous monitoring and improvement.

When it is time for an audit, auditors will compare your business against these standards.

The Audit Cycle

You may be wondering: how often will we be audited? NDIS audits work on a recurring cycle, where NDIS-approved auditors review your compliance at regular intervals, depending on the type of audit you undertook when you were first registered. If you undertook a certification audit, you will be audited once every 3 years. If you undertook a certification audit, you have an additional audit added to your cycle. This is known as a midterm audit (i.e. occurring every 18 months), then a full re-certification audit every 3 years

Key Areas of NDIS Compliance

Below are the key areas an organisation must evidence compliance with in order to be audit-ready.

1. Governance and Operational Management

To ensure effective governance and operational management, NDIS providers should establish a clear organisational structure with well-defined roles and responsibilities. It is crucial to develop and maintain comprehensive internal and external policies and procedures that align closely with NDIS requirements. This helps to evidence that at an operational level, all of your personnel are well suited for their positions and well resourced with information for compliant practice.

Providers must also implement robust risk management strategies and regularly review their effectiveness to address potential issues proactively. Additionally, maintaining transparent and accountable financial management practices is essential for compliance and organisational integrity.

2. Provision of Supports

You should also implement robust systems to monitor and evaluate the quality of support provided, ensuring continuous improvement and transparency around quality. This will also help you to identify any issues and address them quickly and safely. Monitoring service provision also requires effective record keeping. Clear and transparent records also make for a smooth auditing process, as you can clearly refer auditors to facts about your services, participants and decision making rationale.

3. Support Planning and Delivery

Within the DNA of the NDIS is change. Plans are reviewed annually, as are the pricing arrangements, so regular review and updating of support plans is necessary to stay up to date with changes in the NDIS and potential changes for your participant and their needs.

If changes are required as a result of your review, you should implement processes for managing changes promptly and effectively. To best achieve this, make sure you establish clear communication channels with participants and their support networks to easily and effectively coordinate care. It is also important to continue to document all interactions and decisions related to support planning and delivery for transparency and continuity of care.

4. Participant Rights and Responsibilities

Choice and control is another value at the core of the NDIS that auditors will be keen to prioritise. Your policies and procedures, particularly those about enabling feedback and complaints mechanisms, will need to clearly display your commitment to listening to your participants. Not only this, all staff should receive training in rights-based approaches to service delivery to uphold participant dignity and autonomy.

A significant part of your responsibility to participants is to safeguard their personal information. It is essential to regularly review and update participant information, service agreements and consent forms to maintain accurate and current records. Once you have accurate information, it must be securely stored and all reasonable steps must be taken to protect it from loss or unauthorised use.

5. Human Resource Management

Implementing robust recruitment and screening processes for all staff and volunteers is crucial for maintaining a high-quality workforce. You should provide ongoing training and professional development opportunities to ensure that your staff remain competent and up-to-date with best practices and changes in the NDIS.

The standards for staff are also an important part of keeping participants safe. You must keep accurate and current records about your staff, including their qualifications, background and any complaints or issues that may arise during their work. You must also ensure staff ratios and skill mix meet NDIS requirements and adequately address each specific participant's needs.

6. Incident Management and Reportable Incidents

Even the most compliant and careful providers may run into incidents in the course of delivering services. It is essential to develop and carefully implement a comprehensive incident management system to respond to these incidents and keep participants safe. The system should outline chains of reporting, what details and documents are required and if or when incidents should be escalated.

Staff should receive thorough training in identifying, reporting, and responding to incidents in accordance with your established system to ensure prompt and appropriate action. Regular review of any incident data will also help you to identify trends and implement preventive measures, which reduces incidents and improves your services.

NDIS Compliance Checklist

Here is a quick reference checklist of some steps we recommend to stay audit-ready:

• review and update all policies and procedures annually;
• conduct internal audits of service delivery and documentation quarterly;
• ensure compliance with the NDIS code of conduct, including conflict of interest requirements;
• implement a quality management system aligned with NDIS practice standards;
• maintain up-to-date participant records, including support plans and service agreements;
• regularly train staff on NDIS compliance requirements;
• review and update risk management strategies at least annually;
• implement a system for tracking and addressing participant feedback and complaints;
• conduct regular financial audits and maintain transparent financial records;
• review and update staff records, including qualifications and training certificates;
• test and update your incident management system regularly;
• conduct annual privacy and information security assessments; and
• prepare a compliance folder with key documents readily available for auditors.

Key Takeaways

NDIS compliance is an ongoing process that requires regular review and improvement. Implementing robust systems for governance, service delivery, and information management is crucial. By systematically addressing the areas discussed above, prioritising participant safety, choice and control and maintaining comprehensive documentation, your business will be well-prepared for NDIS audits at any and all times.

The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.